Two file management apps on the Google Play Store have been discovered to be spyware that quietly sends user data to servers in China.
The fishy apps are File Recovery & Data Recovery and File Manager, according to an alert this week from Pradeo, a leading mobile cybersecurity company. The apps, both from the same developer, are programmed to launch without any input from the user and quietly send sensitive user data to servers based in China.
Thank you for posting this, since OP wasn’t kind enough to include it in the post description.
Update: L3s made the decision to mark it as a bot and has taken the time to reach out and sort of explain their thought process and feelings and I really appreciate it. No bad blood or hurt feelings or anything, and I genuinely think that there’s value and good intention in what they’re doing, I just had an issue with this one specific thing and it looks like we got past it. No big deal, we’re all adults, now let’s eat some cheese.
@L4s is a bot account and not marked as such in the account preferences. I’ve messaged the owner of the account about it and asked them to toggle that on, but so far I’ve heard nothing, so I’m reaching out to support. They are also a moderator here.
I didn’t even notice it was missing the bot marker. Good catch.
@[email protected] you plan on fixing that any time soon?
Edit: I’ve realized I’m wrong below. A bot is a bot, and mine is no exception. Sorry to anyone who felt deceived, that was not my intention.
@[email protected] my apologies for not replying, I read your message while updating a bunch of code for the bot and forgot to reply.
When I made L4s I had gone through Lemmy’s Code of Conduct, and didn’t see where that was required for bots? If I misunderstood the Code of Conduct I will gladly mark it as a bot, or if the admins of lemmy.world clarify to me they want it to be done. Please let me know if you are aware of where it is required, as I want to abide by the the rules here, and don’t want to annoy anyone. Maybe @[email protected] could clear this up for me, I know he is extremely busy though.
The goal of L4s is to help jump-start communities and content, and I felt 99% of people uncheck “show bot accounts” since they don’t want what would be the equivalent of “automod”, spellchecker bots, etc to show up - not something that’s bringing them content they subscribed to or previously enjoyed on reddit.
So far it’s helped multiple communities that way (see [email protected] prior to its posts, and a few days after, it’s now the largest “active users” community on all instances), and has sparked a lot of conversations in the posts. The reason I bring that up is most have not complained about the fact it’s not checked, even though I do not hide that it’s a bot in any way, and most enjoy seeing the content it posts. Checking that would mean that those who don’t quite understand there are content bots, would no longer see these posts.
Also, yes, I’m a mod here. My role irl is very deeply technology related, that is what I enjoy. In my free-time I have been trying to make Lemmy.World one of the best instances as far as content, and helping keep [email protected] on-topic and toxic free.
I second the suggestion to mark @[email protected] as a bot. Regardless of what the CoC says, it would be unethical not to.
In this thread people were complaining about how the body contained insufficient information, and the copied title of the article is click bait. A human poster would be able to respond to these concerns whereas a bot cannot.
I think it would be overall healthier for the Fediverse as a whole if the bot-marking feature was widely respected and exceptions like this not being taken.
This was my main concern. It felt very low effort and felt like a Reddit karma farmer, not a bot meant to spark discussion within the community. I wouldn’t have had an issue with the content if it was clear that the post was made by a bot.
Edit: I’ve realized my mistake and will just leave it on, my bot is not above any other, and my goal doesn’t justify not checking the box.
That’s a fair point, and seeing that a lot of people would prefer it be on, I will probably reconsider my stance regardless of what the admins say.
I still appreciate your work in modding and creating tools that help make Lemmy.world thrive. Thanks for your consideration as well.
Update: L3s made the decision to mark it as a bot and has taken the time to reach out and sort of explain their thought process and feelings and I really appreciate it. No bad blood or hurt feelings or anything, and I genuinely think that there’s value and good intention in what they’re doing, I just had an issue with this one specific thing and it looks like we got past it. No big deal, we’re all adults, now let’s eat some cheese.
I understand your reasoning and the purpose of this bot and I’m sure a lot of people are happy with it and appreciate it and I’m not against your work on this bot in any way. But the reason why I think it’s important to mark it as a bot, because to not do so is genuinely misleading and forces people like me to bypass the built in “Please don’t show bots” check in favor of blocking a bot account.
It’s a bot; I specifically have a “Show bot accounts” unchecked; I’m still seeing a bot.
It may or may not be against ToS, at the end of the day I don’t really care that much to be honest, but if I put myself on a “Do not call” list and still get calls from spammers, it’s annoying even if it were entirely legal. I’m not saying it’s as bad as that or that you’re spamming for nefarious purposes, but there is a built in feature into the platform that allows people to be transparent and mark accounts as bots and users to choose to opt out of seeing those and that’s a great, fairly unique feature to this platform.
Checking that would mean that those who don’t quite understand there are content bots, would no longer see these posts.
And respectfully, I don’t think it’s up to you to make that distinction for users that choose to opt out of seeing bot accounts. A bot is a bot. If people are OK with seeing your bot or the inevitable remindme or cat facts or whatever, they can enable that in their preferences, it’s up to the user.
I hope you understand, this isn’t an attack against you or your work in any way.
And respectfully, I don’t think it’s up to you to make that distinction for users that choose to opt out of seeing bot accounts.Not to sound rude here, but I feel the same about you asking me to check that box.Again, if the admins request me to check it, I will do it - or if the Code of Conduct changes. Lets see what they say in the post you made on [email protected] and go from there.I was rude and wrong here.
Not to sound rude here, but I feel the same about you asking me to check that box.
Task failed. These provisions were made with the expectation that individuals such as yourself would act in good faith. It’s alarming to hear that a moderator of any community feels they are above that standard.
I agree with the sentiment from the others here, but I also wanted to add that as a general rule, you shouldn’t behave in a way that would be detrimental for the community if everyone did it. Bots should be marked as bots, or the user preference switch to show content from bots is meaningless regardless of how positive or influential you think yours is – as I’m sure most bot creators feel about their own work.
It’s understandable that you want to have a positive impact, and that is commendable, but your bot shouldn’t be an exception just by your own judgment, especially considering the problems with what the bot is doing that have been pointed out to you.
Just my take. I would prefer your bot, and all bots, be marked as such irrespective of function.
So, you’re a weasel level jackass. Duly noted.
Yes. If you keep reading, I acknowledge that. A bot is a bot, mine is no exception.
OP is a bot account apparently.
I noticed that after my comment. Still a low quality post from a bot seemingly farming for clicks through to articles, where a description summary from a human or better parsing from the bot could have improved the quality of the post.
Agreed, the amount of clicks for the article would increase exponentially if they actually added context for those of us who never click these links.
You mean Threads?
Yes I know… The cheapest shot.
…Why would Threads send your data to China? They make plenty of money off that data domestically.
deleted by creator
Got em
This is interesting, I cannot reply to iAmTheTot’s comment, but there’s no issue commenting on any other comments. Is it because they’re on kbin?
Yes, replying to kbin doesn’t seem to work
I’m sure it was an honest mistake. Who hasn’t tried setting up a
println("Hello World")and accidentally forwarded all their keylogger data to the CCP?my bad, completely forgot to remove that debugging code…
Is it TikTok?
You’d need to make that 1.5 billion to have the article be referring to TikTok.
Edit: but yes the article could easily be about TikTok, they hoard data just like US social medias, but are part owned by the Chinese government, so it’s even worse.
I mean, it does but they weren’t reporting that particular spyware
Bot account. sigh.
And yet the article doesn’t say which File Manager is the spyware or what the dev is called. Great reporting.
🤔
The apps are named in the second paragraph my guy. Literally did not have to scroll after clicking the link to prove you wrong.
Even on a quick glance you can find literally 4 apps called “File Manager” and if you scroll further I’m sure there will be even more.
Any electronic device with any software sends any data to anyone who pays.
Why is it bad to send data to China and not to US?
Who said the US wasn’t bad?
This is just a strawman argument, just because we’re talking about being lit on fire does not mean the alternative of being dipped in acid is good but you know I’d rather not be simultaneously lit on fire while being dipped in acid if I can help it.
